His father was the governor of Kufa, and al-Kindi received his first education there. He later completed his studies in Baghdad, where he was patronized by the Abbasid Caliphs al-Ma'mun and al-Mu'tasim. Because of his learning and aptitude for study, al-Ma'mun appointed him to House of Wisdom (بيت الحكمة) in Baghdad, a recently recognized centre for the translation of philosophical and scientific texts. He was well known for his magnificent calligraphy, and at one point was employed as a calligrapher by al-Mutawakkil.

Contribution to information security

Al-Kindi was a pioneer in cryptography, especially cryptanalysis. In modern times, cryptography is considered a branch of both mathematics and computer science, and is affiliated closely with information theory, computer security, and engineering.

Cryptography is used in applications today in technologically advanced societies; examples include the security of ATM cards, computer passwords, and electronic commerce, which all depend on cryptography.

He gave the first known recorded explanation of cryptanalysis inرسالة في إستخراج المعمة" "(Manuscript on Deciphering Cryptographic Messages). In particular, he is credited with developing the frequency analysis method whereby variations in the frequency of the occurrence of letters could be analyzed and exploited to break ciphers (i.e. cryptanalysis by frequency analysis).

This was detailed in a text recently rediscovered in the Ottoman archives in Istanbul, A Manuscript on Deciphering Cryptographic Messages, which also covers methods of cryptanalysis, encipherments, cryptanalysis of certain encipherments, and statistical analysis of letters and letter combinations in Arabic. This manuscript is also first known recorded explanation of cryptanalysis was given by Al-Kindi.

"Encipherments of letters divided into two parts" is among technique of cryptography introduced by Al-Kindi. The other method was the most fundamental technique for a cryptanalyst, frequency analysis.

Frequency analysis is the basic tool for breaking most classical ciphers. In natural languages, certain letters of the alphabet appear more frequently than others; in English, "E" is likely to be the most common letter in any sample of plaintext which is 13% of all letters.

Similarly, the digraph "TH" is the most likely pair of letters in English, and so on. Frequency analysis relies on a cipher failing to hide these statistics. For example, in a simple substitution cipher (where each letter is simply replaced with another), the most frequent letter in the cipher text would be a likely candidate for "E".

No doubt that Al-Kindi is a role-model for Muslim computer scientist especially to those who are involving in informationsecurity. It is not impossible for Muslim security professionals and cryptanalysts to become 21st century Al-Kindi by decipher and discover flaws in most recent technology in cryptography like Public-Key Cryptography and Quantum Cryptography.

Description:d3m0n has reported a vulnerability in Joomla!, which can be exploited by malicious people to bypass certain security restrictions and manipulate data.

The vulnerability is caused due to improper access restriction in components/com_user/models/reset.php. This can be exploited to bypass the authentication mechanism and change the password of the user with the lowest ID (typically the administrator), without having valid user credentials.

The vulnerability is reported in all 1.5.x versions prior to 1.5.6.

Solution:Update to version 1.5.6.

Provided and/or discovered by:d3m0n

The vendor credits Marijke Stuivenberg.

Original Advisory:Joomla!:http://developer.joomla.org/security/...re-password-remind-functionality.html

d3m0n:http://milw0rm.com/exploits/6234

Source Advisory:http://secunia.com/advisories/31457/

[Cited From http://gcert.mampu.gov.my/index.php?option=com_content&task=view&id=209&Itemid=1]

Monday, 11 August 2008

PROMED @ CS 08 tried to follow some of ACM-ICPC concept but I think there are lot of aspects that should be improved.

They should explain clearly in the contest rule about the IDE that will be provided during the contest. Instead of Java (JDK 1.5), they should mention Java (Eclipse/NetBeans IDE) in the contest rules to clear misunderstanding of participants who used Java to think that they are only allowed to use Notepad while C++ participants can use MS Visual C++!

They should provide Eclipse IDE too because most of Java developers preferred Eclipse more than NetBeans.

I don't know whether the judges have their own solution and answers in Java because Java and C++ treat floating number differently. If I'm wrong please informed me.

The lab condition: They should place the monitor at the centre of the table. They have two computers per table, why not using dual-monitor cloned view?

End of my views and opinion about this year PROMED and my first time joining PROMED. Feel free to give comments on my opinion and If you think I should listed more,fell free to tell me too.

Thursday, 7 August 2008

IF YOU'RE a hard-core IT security wonk, you already know about this. If not, go to Doxpara.com right now and click on the button that says "Check my DNS." That will run a simple test to tell you whether your name server appears to be vulnerable to DNS cache poisoning.

No, really - right away. Doxpara.com. Go. Now. We'll wait.

Did the test say that you're vulnerable? Then you've got work to do.

Did it say that you're not? You've still got work to do.

Here's why: Early this year, security researcher Dan Kaminsky discovered a design flaw in the Internet's Domain Name System, which translates names like Computerworld.com uito IP addresses such as 65.221.110.98.

Kaminsky didn't find a bug in one DNS implementation. He found a vulnerability that's designed into every DNS server. That's right - they're all broken. Microsoft's version. And Cisco's. And BIND, which is widely used on Unix and Linux servers.

The design flaw allows an attacker to hijack domain names. Put simply, a victim would never know where the Internet was taking him. E-mail could be redirected. Web sites could be spoofed. Everything on the Internet is at risk if an attacker takes over the DNS.

How do you fix a fundamental design flaw that affects the entire Internet? Answer: You can't. So you don't. Instead, you find a way to make the design Saw much, much harder to exploit.

Kaminsky contacted Paul Vixie, who has been responsible for the BIND DNS server since 1988. Vixie called together the top DNS experts. In March, they secretly started work on the job of patching every major DNS implementation. Not with a fix - that would be impossible - but with a work-around.

On July 8, they all rolled out their patches at the same time (see story, page 12). Microsoft. Cisco. AT&T. Sun. Red Hat. The BIND guys. Everybody.

This is not "a patch" to fix "a bug." This is a wake-up call for virtually the whole IT industry. The entire Internet needs fixing. Yes, right now. And that includes every corporate network and every ISP.

Here's the good news: Because the flaw Kaminsky discovered is so baked into DNS, because it literally can't be fixed, the only good way to block it is to make it really hard for attackers to do anything bad to a DNS server. That's what last week's patches do.

As a result, those patches protect you not only from the design flaw Kaminsky discovered, but also from lots of other bugs that have been found over the years - and from bugs that haven't yet been discovered. It's the biggest and most effective Internet security fix ever.

You want these patches on your DNS servers. You need them. If you're a CIO or an IT manager and you failed that test at Doxpara.com, you should start asking your networking guys when you'll no longer be vulnerable.

If you didn't fail the test, don't get cocky. Sure, the DNS server you're using is good. But are all of your network's DNS servers safe? What about the DNS servers of ISPs that your users connect to when they're on the road or working from home? What about business partners who connect to your systems across the Internet? They all need fixing.

And it won't all be as simple as testing and installing patches. Some older DNS servers haven't been patched. They'll need upgrades. Yahoo, for example, uses BIND Version 8. There's no patch for that, so Yahoo is upgrading its entire infrastructure.

See? There's work to do. Get to it. Now. Don't wait for the bad guys to figure out how to exploit this DNS flaw.

Dark Tyrannomon was among the evil Digimon that Gatomon recruited to help Myotismon take over the real world in Episode 35 of Season 1.

In Season 2, the Digimon Emperor attempted to use several DarkTyrannomon to stop SkullGreymon's rampage, but they were all easily defeated by the mammoth beast.

Since it is so difficult to find DarkTyrannomon pictures with acceptable resolution, I uploaded DarkTyrannomon pictures here from snapshot of Digimon Adventures fansub (sorry for eyesore subtitle on these pictures).

Followers

Links

Disclaimer:

ANY INFORMATION ON THIS BLOG IS STRICTLY FOR EDUCATIONAL PURPOSES ONLY.

THE AUTHOR IS NOT RESPONSIBLE AND SHOULD NOT BE BLAMED FOR ANY DAMAGED CAUSE BY ANY INFORMATION ON THIS BLOG.

USE ANY INFORMATION AT YOUR OWN RISK AND DO NOT BLAME OTHERS.

ALL INFORMATION LOCATED ON THE CURRENT SITE IS PLACED THERE FOR PRIVATE PURPOSES AND MAY NOT BE DOWNLOADED, VIEWED OR USED IN ANY WAY OR FOR ANY PURPOSE WHATSOEVER.

THE CURRENT SITE WEBMASTER OR ORGANIZATION HOSTING THIS BLOG TAKES NO RESPONSIBILITY FOR THE WAY YOU MAY USE INFORMATION FROM THIS SITE.

IF YOU ARE A MEMBER OF ANY ANTI-PIRACY OR RELATED GROUPS OR ORGANIZATIONS YOU MAY NOT ENTER THIS SITE OR VIEW ANY OF THE BLOG CONTENTS.

IF YOU ENTER THIS BLOG AND DO NOT AGREE WITH THE CURRENT TERMS YOU MAY NOT CAUSE ANY NEGATIVE TREATMENT OF OUR HOSTING ISPS, ORGANIZATION OR ANY PERSONS STORING THIS BLOG INFORMATION, AS ANY SUCH ACTION WILL BE DEEMED AS VIOLATION CODE NO. 431.322.12 OF THE INTERNET PRIVACY ACT OF 1995.

BY USING, VIEWING OR OBTAINING ANY INFORMATION CONTAINED ON THIS BLOG, YOU AGREE TO THIS DISCLAIMER.